EP2382735B1 - Transmission sûre et efficace de codes de domaine en vue de l'enregistrement de dispositifs - Google Patents

Transmission sûre et efficace de codes de domaine en vue de l'enregistrement de dispositifs Download PDF

Info

Publication number
EP2382735B1
EP2382735B1 EP09836638.8A EP09836638A EP2382735B1 EP 2382735 B1 EP2382735 B1 EP 2382735B1 EP 09836638 A EP09836638 A EP 09836638A EP 2382735 B1 EP2382735 B1 EP 2382735B1
Authority
EP
European Patent Office
Prior art keywords
pin
key
random number
domain
whdi
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
EP09836638.8A
Other languages
German (de)
English (en)
Other versions
EP2382735A2 (fr
EP2382735A4 (fr
Inventor
Jiang Zhang
Alexander Medvinsky
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Google Technology Holdings LLC
Original Assignee
Google Technology Holdings LLC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Google Technology Holdings LLC filed Critical Google Technology Holdings LLC
Publication of EP2382735A2 publication Critical patent/EP2382735A2/fr
Publication of EP2382735A4 publication Critical patent/EP2382735A4/fr
Application granted granted Critical
Publication of EP2382735B1 publication Critical patent/EP2382735B1/fr
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/43Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
    • H04N21/436Interfacing a local distribution network, e.g. communicating with another STB or one or more peripheral devices inside the home
    • H04N21/43615Interfacing a Home Network, e.g. for connecting the client to a plurality of peripherals
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/43Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
    • H04N21/436Interfacing a local distribution network, e.g. communicating with another STB or one or more peripheral devices inside the home
    • H04N21/4363Adapting the video stream to a specific local network, e.g. a Bluetooth® network
    • H04N21/43637Adapting the video stream to a specific local network, e.g. a Bluetooth® network involving a wireless protocol, e.g. Bluetooth, RF or wireless LAN [IEEE 802.11]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/43Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
    • H04N21/44Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream or rendering scenes according to encoded video stream scene graphs
    • H04N21/4408Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream or rendering scenes according to encoded video stream scene graphs involving video stream encryption, e.g. re-encrypting a decrypted video stream for redistribution in a home network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/60Digital content management, e.g. content distribution
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80Wireless
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/061Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/104Grouping of entities

Definitions

  • WIRELESS HOME DIGITAL INTERFACE is a wireless standard proposed for a wireless multimedia device network, which may be used at home, in the office or in other short-range wireless network environments.
  • WHDI allows for high bandwidth wireless channels for sending content between devices, which may support uncompressed High Definition (HD) content.
  • HD High Definition
  • a DVD player may be connected to multiple HDTVs wirelessly and send uncompressed content to the HDTVs using WHDI.
  • WHDI eliminates the need for cabling, such as High Definition Multimedia Interface (HDMI) cables, component cables, etc., used to transmit uncompressed content between devices.
  • Conventional wireless technologies such as 802.11, BLUETOOTH, etc., do not have the bandwidth or interface to transmit uncompressed multimedia content between devices.
  • WHDI can be used in various environments. For example, a user located in a single family home or in an apartment may connect a DVD player, an MP3 player, a laptop/notebook or desktop personal computer (PC), a gaming console, and flat panel TVs all together, wirelessly, using WHDI.
  • a user wirelessly connects a multimedia projector in a conference room to a desktop PC in his office, and to a set of notebook computers of numerous meeting participants using WHDI.
  • security is a concern because of the wireless communication between the WHDI devices. Due to the nature of wireless networks, typically they are easy to identify by unauthorized users. Also, an unauthorized user may attempt to identify and connect to the particular devices connected in a home WHDI network.
  • the homeowner may desire to keep the identity of their devices private and their devices away from the unauthorized users. For example, a homeowner may not want a neighbor to know they have five HDTVs, or they may not want any non-family members to know they have a server connected to their home network because the server may contain confidential information, such as personal videos, etc.
  • WHDI provides the protocol and interfaces for high-bandwidth wireless networks
  • WHDI may lack the security procedures to maintain user privacy.
  • the present invention provides methods of secure and efficient domain key distribution for device registration in a WHDI network.
  • Embodiments of the present invention provide a secure, efficient and user-friendly method and system for verifying device certificate, generating Personal Identification Numbers (PINs), exchanging a device registration key and delivering the domain key among the different devices in a wireless network, in particular, a WHDI network in which the WHDI environment provides a set of security functions.
  • PINs Personal Identification Numbers
  • the four functions can be implemented within four transactions ingeniously, which makes the protocol more efficient than the traditional way.
  • WHDI is a proposed standard for high bandwidth wireless digital data connectivity between multiple points.
  • WHDI wirelessly transmits multimedia data, such as high definition video and the associated audio data, from source devices to sink devices in the WHDI network reliably.
  • Devices in a WHDI network are referred to as WHDI devices, and a WHDI network includes WHDI devices communicating wirelessly amongst each other using the WHDI standard.
  • WHDI devices are characterized as two types. One type is a source device and the other type is a sink device.
  • a WHDI device may be a source device, a sink device, or both depending on its functionality.
  • a source device transmits data streams across a WHDI network to a sink device, and a sink device receives data streams across the WHDI network from the source device.
  • source devices are set-top box, notebook Personal Computer (PC), desktop PC, DVD player, MP3 player, video camcorder, audio/video receiver, gaming console, etc.
  • sink device are TVs, PCs, projectors, etc.
  • a Personal Identification Number is used during a device registration process to allow a new device to become part of the network.
  • the device registration is a process to let a new device join another device or a network of devices in a domain.
  • a domain is a group of devices that are approved to share content with each other.
  • Device registration or domain registration includes the process of approving or denying a device to join a device or a domain.
  • Device registration can provide a user with control over which devices are allowed to connect to his/her device(s) or join his/her domain. So if a family has a domain, then all the devices owned by the family may be members of the domain, but a friend's device may not be allowed to join the domain.
  • the new device Prior to a new device being allowed to connect to an existing device or join a domain, the new device must be authorized or pre-approved to ensure that the new device is a device that a user wants to connect to the existing device or be in the domain.
  • the new device first needs to be verified if it is a WHDI standard compliant device. Whether a device is a WHDI standard compliant device can be verified by an existence of a valid WHDI certificate, which was issued by WHDI certificate authority to the device. For example, a family member purchases a new TV, and the family member wants the TV to become part of the family domain, so the TV can play content received from other devices in the family domain, such as a set-top box or a DVD player.
  • a neighbor purchases a TV
  • the family member likely does not want the neighbor's TV in the family's domain.
  • the neighbor's TV may inadvertently attempt to become part of the family domain.
  • a PIN generation method is described in U.S. Patent Application Serial Number (TBD) (Attorney Docket No. BCS05287), entitled “Personal Identification Number (PIN) Generation between Two Devices in a Network", by Paul Moroney and Jiang Zhang to determine whether a new device is authorized to join a domain.
  • TBD Patent Application Serial Number
  • the PIN may also be used to generate a device registration key, which is used to securely distribute the domain key that is used by the new device to join the domain.
  • the PIN is used to generate a device registration key (also referred to as a session key).
  • the session key is used to securely distribute a domain key to a new authorized device, so the new device can join the domain.
  • the session key is normally generated using some random numbers. Three random numbers may be used to generate the session key, where the third random number may be the PIN or another random number.
  • FIG. 1 illustrates a simplified block diagram of devices in a WHDI network 100, according to an embodiment of the present invention.
  • FIG. 1 shows a sink device 110 and a source device 120.
  • the sink device 110 is a TV
  • the source device 120 is a DVD player.
  • the WHDI network 100 may include additional sink devices and/or additional source devices.
  • the source device 120 may be a source of content. Content may include video content, audio content, or other data content, which may be from the Internet. More than one source device may be connected to more than one sink device simultaneously (e.g., for multicasting) or separately (e.g., unicasting). Examples of source devices and sink devices include a DVD player, an MP3 player, PC, a gaming console, TV, server, etc.
  • the sink device 110 When the sink device 110 attempts to connect to the source device 120 wirelessly within the WHDI network 100 for the first time, the sink device 110 needs to know whether the source device 120 is a secure device for the sink device 110. Also the source device 120 needs to know whether the sink device 110 is a secure device.
  • Secure device means that the device is a WHDI standard compliant device and the device is authorized to connect to the other device. Whether a device is a WHDI standard compliant device can be verified by an existence of a valid WHDI certificate, which was issued by WHDI certificate authority to the device. For example, an authorized device may be a device not owned by a family member, such as a neighbor's device or a friend's device.
  • a new authorized device may be a new TV purchased by the family.
  • a PIN generation procedure is used to distinguish unauthorized devices from an authorized device. That is, one way of verifying whether the other device is a secure device is that the sink device 110 generates a PIN for the source device 120 using a method described in further detail below. At the same time, the source device 120 also verifies whether the sink device 110 is a secure device for it by validating the sink device 110's certificate and optionally whether the generated PINs are matching. For example, PIN generation can be accomplished by entering any input choices, such as pressing particular buttons on the source device 120, pressing buttons in a particular sequence on the source device 120, etc., in response to one or more instructions from the first sink device 110. This way, a user who wants to connect a new device to an existing WHDI device has a simplified method of PIN generation and entry for the existing WHDI device, for example, by using the interface on the WHDI device.
  • the WHDI device when the WHDI device generates a one-time random PIN for the new device for security purposes, it is more secure and user-friendly to let the devices generate a PIN at runtime than using a specific PIN already pre-assigned for a particular source device, because it reduces the possibility of the PIN being stolen or the PIN being forgotten by the user.
  • certificate validation a WHDI device will initially be loaded with a certificate in the factory as well as the device's identification.
  • the WHDI device certificates of both devices have to be validated first. After validating each other's certificate, each device also gets the other device's public key, which can be used to encrypt and protect the data transmitted between these two devices.
  • the sink device 110 generates a PIN for the source device 120 based on the type of inputs at the source device 120, such as pressable buttons, or other user input options.
  • the source device 120 can also take part in the PIN generation process by providing some random values to the sink device 110. These random data can be encrypted using the sink device 110's public key and the sink device 110 can decrypt it using its own private key.
  • the sink device 110 After the sink device 110 generates the PIN, indicates user entries, and they are entered at the source device, and the generated PIN is the same, the devices may register with each other and the new device may join the existing domain in the WHDI network 100.
  • the domain is used in WHDI to define one or more WHDI devices that a particular WHDI device is authorized to send and/or receive content.
  • This entire PIN generation process is a user friendly and secure method.
  • This PIN generation method may be performed using a Graphical User Interface (GUI) displayed on one or more of the WHDI devices. Also, an administrative GUI may be provided to manage domains.
  • GUI Graphical User Interface
  • the WHDI network 100 also provides the ability to stream the persistently-stored content from the initial source device to another sink device, or from the initial source device to another source device that has been authenticated as part of the WHDI network.
  • this allows a media server as a source device, e.g., a dual-tuner set-top box ("STB") with hard drive, to deliver recorded content to any sink device such as TV, in the house by streaming to a targeted sink device such as HDTV.
  • STB dual-tuner set-top box
  • FIG. 2 An embodiment of a method in which the WHDI network 100 may be employed for generating a PIN among different WHDI devices will now be described with respect to the following flow diagram of the method 200 depicted in FIG. 2 .
  • the method 200 represents a generalized illustration and that other steps may be added or existing steps may be removed, modified or rearranged without departing from the scopes of the method 200.
  • the method 200 is described with respect to the WHDI network 100 by way of example and not limitation, and the method 200 may be used in other systems or other types of networks, wired or wireless.
  • FIG. 2 illustrates a flow diagram of a method 200 for generating a PIN between a first device and a second device in a wireless network, according to an embodiment of the present invention.
  • the wireless network is a WHDI network including end user home or office devices. Therefore, in one embodiment, the first device may be the sink device 110 and the second device may be the source device 120 shown in FIG. 1 , which is configured to generate a PIN.
  • FIG. 2 shows steps performed by a first device and a second device to generate a PIN.
  • the first device is a sink device and the second device is a source device, such as the sink and source devices described with respect to FIG. 1 in a WHDI network.
  • the first device sends a request to the second device.
  • the request is a message that invokes the PIN generation method 200.
  • the first device's certificate is sent to the second device when the first device sends a request to the second device and the second device uses the public key in the certificate to encrypt the random values for the button list in the following steps. So the encryption key may be included in the request.
  • the second device may reply to the first device with a message authenticated with the previously shared registration key so that the first device can recognize the second device as an option, or the second device may allow the registration process to continue and overwrite the old registration data if the new registration succeeds.
  • the second device If the second device is not registered to the first device, it means that the first device may not have generated a PIN for the second device previously and the second device does not have a registration key for connecting to the first device and further to the WHDI network, which the first device belongs to.
  • the second device When the second device is not registered to the first device, it shall proceed to the next step.
  • the second device may enable its buttons for the directed user entry mode for a predetermined period until the button(s) is pressed, otherwise it times out. During the user entry mode, the buttons shall be considered being used for that purpose only. For each WHDI source device, it is possible that the manufacturer may specify a list of buttons and button names that can be used for user entry and subsequent PIN generation.
  • the second device receives the request.
  • the received request for example, places the second device in a user entry mode, where buttons or other manual inputs on the second device are used for PIN generation.
  • the second device determines input choices, and at step 213, the second device determines values for each input choice.
  • An input choice is information that can be input into the second device.
  • the input choice typically is information that can be manually entered into the second device.
  • the input choices are associated with buttons on the second device.
  • Examples of input choices of the second device are a set of keypad or button list for function keys, such as "PLAY”, "STOP”,"PAUSE", and "ENTER” depends on the type of the second device.
  • a DVD player as a second device may have buttons for "PLAY", "STOP", and "PAUSE” that are input choices.
  • a notebook PC may use keys on its keyboard as input choices.
  • Another example of an input choice may be a number of clicks of a button. Such as 3 continuous clicks on PLAY and 2 continuous clicks on PAUSE.
  • a value is determined for each input choice.
  • Each value may be a random number.
  • Each value may be generated by the second device, for example, using a random number generator, or pre-stored in the second device, such as during the manufacture process.
  • the input choices and values are comprised of a button list.
  • the button list includes a button name and value for each button of a set of buttons on the second device.
  • One example of a button list is ⁇ (PLAY, 10), (PAUSE,13), (STOP, 24) ⁇ .
  • the second device transmits the input choices and corresponding values to the first device.
  • the transmission can be secured, for example, by encrypting the information being transmitted, so that any other party cannot see the information.
  • the second device may use the first device's public key from the certificate to encrypt the input choices information.
  • the second device may keep the input choices and corresponding values until the registration process is over.
  • the first device receives the input choices and corresponding values from the second device. If the information is encrypted, the first device may decrypt it first. For example, the button list is received from the second device and the first device may use its private key to decrypt the information first.
  • the first device selects a sequence of the input choices.
  • the sequence may be selected randomly. For example, if the button list is ⁇ (PLAY, 10), (PAUSE,13), (STOP, 24) ⁇ , the first device selects a random sequence of the buttons, such as ⁇ (STOP, 24), (PLAY, 10), (PAUSE,13) ⁇ .
  • the number of input choices in the sequence can be determined by the first device randomly too. Normally the number of input choices can be one or more. Also, an input choice can be repeated for multiple times or not used at all in the sequence.
  • the first device generates a first concatenated value from the values in the selected sequence.
  • the ways to concatenate the values could be many.
  • the sequence is STOP, PLAY, PAUSE.
  • the corresponding values are 24, 10, and 13, respectively.
  • the first concatenated value could be 241013, or the values can be concatenated in binary values, or the values can be concatenated after a transformation, such as adding a number (e.g. 5) to each value, as long as both devices do the same transformation. This step may be performed anytime after the sequence is selected.
  • the first device presents only the input choices, and not both the input choices and corresponding values, in the selected sequence.
  • the presentation of the sequence may include an audio or visual presentation.
  • the first device is a TV
  • the TV displays the sequence of STOP, PLAY, PAUSE.
  • the presentation can be to a user.
  • the input choices are entered in the second device. This may include manual entry.
  • the user views the displayed the sequence of STOP, PLAY, PAUSE, and pushes STOP, PLAY, PAUSE buttons in that order on the second device.
  • the second device identifies the corresponding value for input choice.
  • the button list is stored in the second device and is retrieved to determine the corresponding value for each input choice.
  • the second device generates a second concatenated value from the values in the sequence of the entered input choices.
  • the sequence is STOP, PLAY, PAUSE.
  • the corresponding values are 24, 10, and 13, respectively.
  • the second concatenated value is 241013. Also there are many ways to concatenate the values with or without transformation, as long as both devices use the same way.
  • the concatenated values formed at the first and second devices are the PINs.
  • each device calculates its own PIN as represented by steps 206 and 218. If both devices generate the same PIN, then one device would be allowed to become a member of the domain or connect to the other device. There are many methods to verify whether these two devices generate the same PIN.
  • the second device may send the PIN back to the first device securely for the first device to verify directly, or the second device may send some data derived from the PIN to the first device for the first device to verify indirectly.
  • the second device may derive a device registration key from the PIN generated by its own, or from the PIN and some other secret data shared between these two devices, and then use the derived key to generate a Message Authentication Code (MAC) over an acknowledgement message and send back to the first device.
  • MAC Message Authentication Code
  • the first device After receiving the acknowledgement message with the MAC from the second device, the first device will use the PIN generated by its own, or use the PIN with some other secret data shared between the two devices, to derive a device registration key as same as the second device did, and then use the derived key to verify the acknowledgement message's MAC. If the MAC is verified, which also means the second device has generated the right PIN to derive the right key.
  • the PINs generated by these two devices are indirectly verified to be same. If the MAC verification failed, which means the PIN generated by the second device may not be same as the PIN the first device generated. If so, the PIN verification failed and these two devices may not be able to connect with each other to share content. The user may restart the process again to make the PIN verification successful, such that the first device and second device may effectively belong to the same domain or connect to each other, and can communicate further.
  • the PINs are used to generate device registration keys. By verifying whether the derived keys are same, we can indirectly verify whether the PINs are same. If the device registration keys derived from the PINs match, then the first device exchanges a shared device registration key with the second device and they become registered with each other. Note that the user of an unauthorized first device would not be able to access the second device and enter the input choices to generate the same PIN on the second device using the method 200, and the user of an unauthorized second cannot initiate a registration request from the first device, so the method 200 prevents unauthorized devices from becoming registered with another device.
  • FIGs. 3A , 3B and 3C An embodiment of a method in which the WHDI network 100 as well as the method 200 may be employed for distributing a domain key for device registration in a domain among different WHDI devices will now be described with respect to the following flow diagram of the method 300 depicted in FIGs. 3A , 3B and 3C .
  • the method 300 represents a generalized illustration and that other steps may be added or existing steps may be removed, modified or rearranged without departing from the scopes of the method 300.
  • the method 300 is described with respect to the WHDI network 100 and the method 200 by way of example and not limitation, and the method 300 may be performed in other types of networks that may be wired or wireless.
  • FIG. 3A illustrates a flow diagram of a method 300 for securely distributing a domain key for device registration between a first device and a second device in a wireless network, according to an embodiment of the present invention.
  • the first device is the sink device 110 and the second device is the source device 120 shown in figure 1 .
  • the sink device 110 has a domain key and will distribute the domain key securely to the source device 120.
  • the source device 120 has a domain key and will distribute the domain key securely to the sink device 110.
  • the flow diagrams show the first device being the sink device, in other embodiments the first device is a source device.
  • the first and second devices verify that each device is a certified WHDI device.
  • the first device provides its valid WHDI device certificate to the second device and the second device provides its valid WHDI device certificate to the first device.
  • the first device verifies the certificate of the second device and at step 351, the second device verifies the certificate of the first device.
  • Device authorization may be performed using the method 200 to determine that a device requesting to join a domain is an authorized device.
  • a random number is generated at the second device. This random number is referred to as Nsrc.
  • Nsrc is encrypted using the public key from the certificate of the first device and sent to the first device. For example, the second device transmits Nsrc over a WHDI network to the first device, and Nsrc is encrypted with the public key of the first device.
  • random data is generated at the second device, encrypted and sent to the first device. Steps 355 and 356 are optional.
  • the random data may be used by the first device to generate a PIN, or other data may be used to generate a PIN.
  • the first device decrypts Nsrc and the random data.
  • the first device generates a random number, referred to as Nsnk.
  • the first device encrypts Nsnk, for example, with the public key of the second device, and sends the encrypted Nsnk to the second device at step 305.
  • the two random numbers Nsrc and Nsnk can also be encrypted and exchanged to derive the session key using the well-known Diffie-Hellman (DH) key exchange method or some other equivalent methods, such as Elliptic Curve Diffie-Hellman (ECDH) method.
  • DH Diffie-Hellman
  • ECDH Elliptic Curve Diffie-Hellman
  • the PIN can be used to derive the session key together with the exchanged shared secret using DH or ECDH.
  • the second device If using ECDH method, the second device generates a random ECDH private key in step 353 and calculates the corresponding ECDH public key and sends it to the first device in step 354.
  • the first device also generates the ECDH public key pairs in Step 304 and 305.
  • the first and second device may use the ECDH shared secret, which is calculated from each device's ECDH private key and the other device's ECDH public key, to derive the session key together with the PIN.
  • the DH method can do it in a same or similar way.
  • the first device generates a PIN.
  • the PIN may be a random value.
  • the PIN may be generated from random data received from the second device.
  • Steps 355 and 356 describe sending the random data to the first device.
  • the PIN may be a one-time use PIN that is randomly generated by the first device, or the PIN may be the PIN generated from the concatenated values described with respect to step 217 in the method 200.
  • the first device generates instructions to enter the PIN in the second device. For example, instructions are displayed that tell a user to manually enter the PIN in the second device, for example, using a keypad or remote control for the second device. The instructions may be displayed on the first device to the user.
  • the PIN is entered in the second device by the user. If the second device did not generate the random value for each input choice, the first device may also securely send the values to the second device as an option. At this point, each device should have Nsrc, Nsnk, and the PIN, and each device can generate the session key on its own using this information and the same key generation function.
  • the first device encrypts a domain key using the session key, and sends the encrypted domain key to the second device. Note that this is the secure transmission of the domain key to the second device using the session key. If it is the first device trying to join the domain that the second device belongs to, the second device will encrypt the domain key using the session key and sends the encrypted domain key to the first device, and the first device will decrypt it using the same session key. The security of the transmission is improved by the use of three random values, including a one-time used PIN, which makes it more difficult for an unauthorized user to generate the session key and get the domain key.
  • the PIN is optional for the PIN to be generated from the random data from the second device. The value for each input choice for the PIN may be pre-assigned. It is also optional for the PIN be involved in the session key derivation, if we can verify the PIN separately before sending the domain key.
  • the second device decrypts the domain key using the session key it generated.
  • the second device can decrypt the domain key only if it generated the same session key as the first device.
  • the second device sends an acknowledgement message (ACK) to the first device, which indicates that the second device is able to decrypt the domain key.
  • ACK acknowledgement message
  • the first device receives the ACK to verify that the second device has the correct session key to decrypt the domain key. Now the second device can present the domain key to join the domain of the first device. The registration may then be closed at step 311.
  • FIG. 3B illustrates a flow diagram of a simplified method for secure and efficient domain key distribution for device registration between a first device and a second device in a wireless network, according to an embodiment of the present invention.
  • the steps of method 300 as described in FIG. 3A is simplified into the four simple functions as shown in FIG. 3B .
  • the first device and the second device accomplishes mutual certificate authentication.
  • the first device and the second device generate one-time use PIN and verify the one-time use PIN.
  • the first device and the second device exchange the registration key with each other.
  • the first device or the second device distribute the domain key.
  • the method 300 accomplishes mutual certificate authentication, authorization PIN verification, registration key exchange and domain key distribution.
  • FIG. 3C illustrates one embodiment of the transactions of the protocol of distributing the domain key during device registration using method 300.
  • the first device sends its WHDI certificate and registration request mode to the second device. If it's requesting for the Source-Domain mode or Sink-Domain mode registration, the domain name of the source device domain or the sink device domain will be included respectively.
  • the second device In the second transaction of Registration Reply Message, which is sent from the second device to the first device, the second device sends its WHDI certificate, a random number Nsrc and a list of input choices to the first device.
  • the list of input choices may include a list of input choices and a random value for each input choice.
  • the random number and the input choices list may be encrypted using the public key got from the first device's certificate.
  • the first device sends a random number Nsnk back to the second device.
  • the received Nsrc may be sent together with Nsnk for the second device to identify the transaction.
  • These random numbers may be encrypted using the second device's public key got from the second device's certificate.
  • the first device may also send the domain key of the sink device's domain to the second device encrypted using the device registration key derived from the random numbers Nsrc and Nsnk and the PIN generated from the sequence of the input choices.
  • the first device Before deriving the device registration key, the first device also determines the PIN and instructs the user to enter the input choices at the second device using the PIN generation method 200. This message is also signed using the device registration key as a Message Authentication Code (MAC) key. This generated MAC can be used by the second device to verify whether it generates the right PIN and derives the right device registration key.
  • MAC Message Authentication Code
  • the second device sends back an acknowledge message with a MAC generated using the device registration key that the second device derived from the PIN generated from the user's manual input following the instructions that the first device instructed the user.
  • the first device may use its own derived device registration key to verify the MAC to make sure the second device got the right PIN and later the two devices are registered. If the registration is a Source-Domain mode registration, the domain key of the source device's domain will be encrypted using the second device's derived device registration key and sent to the first device. Therefore, these four transactions accomplished all four functions described in FIG. 3B securely and efficiently.
  • the method 300 greatly improves the efficiency of the data transmission and reduces the number of transactions.
  • the encrypted domain key may be distributed before the session key exchange is completed, it's still secure enough to protect the domain key because the PIN is one-time use random PIN and it is delivered through out-of-band channel, so it is very difficult to attack. If it is not required for some reason, e.g. the device may be authenticated by some other device certificates, the certificate verification step could be optional in this method.
  • FIG. 4 shows the block diagram of a computer system 400 that may be used as a platform for a first device, second device, source device, or a sink device.
  • the computer system 400 may also be used to execute one or more computer programs performing the methods, steps and functions described herein.
  • the computer programs are stored in computer readable mediums.
  • the computer system 400 includes a processor 420, providing an execution platform for executing software. Commands and data from the processor 420 are communicated over a communication bus 430.
  • the computer system 400 also includes a main memory 440, such as a Random Access Memory (RAM), where software may reside during runtime, and a secondary memory 450.
  • the secondary memory 450 may include, for example, a nonvolatile memory where a copy of software is stored.
  • the secondary memory 450 also includes ROM (read only memory), EPROM (erasable, programmable ROM), EEPROM (electrically erasable, programmable ROM), and other data storage devices, include hard disks.
  • the computer system 400 includes I/O devices 460.
  • the I/O devices may include a display and/or user interfaces comprising one or more I/O devices, such as a keyboard, a mouse, a stylus, speaker, and the like.
  • a communication interface 480 is provided for communicating with other components.
  • the communication interface 480 may be a wired or a wireless interface.
  • the communication interface 480 may be a network interface.

Landscapes

  • Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Security & Cryptography (AREA)
  • Multimedia (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Claims (11)

  1. Procédé de transfert d'une clé de domaine entre un premier dispositif (110) et un deuxième dispositif (120) dans un réseau, le procédé comprenant :
    la vérification que le deuxième dispositif (120) est un dispositif homologué au moyen de certificats, où le deuxième dispositif (120) vérifie si le premier dispositif (110) est un dispositif autorisé au moyen de certificats ;
    la réception, au niveau du premier dispositif (110), d'un premier nombre aléatoire provenant du deuxième dispositif (120), dans lequel le premier nombre aléatoire est crypté ;
    la détermination d'un deuxième nombre aléatoire au niveau du premier dispositif (110) ;
    la transmission du deuxième nombre aléatoire du premier dispositif (110) au deuxième dispositif (120) ;
    la génération d'un numéro d'identification personnel, NIP, au niveau du premier dispositif (110), à partir de données aléatoires reçues du deuxième dispositif (120), dans lequel les données aléatoires comprennent les choix d'entrées et les valeurs correspondantes ;
    en réponse à la génération du NIP, la transmission d'instructions, par le premier dispositif, qui instruisent une entrée utilisateur d'informations nécessaires pour générer le NIP dans le deuxième dispositif (120) en utilisant lesdits choix d'entrée, où le NIP est généré et les instructions sont transmises après vérification ;
    la génération d'une clé de session à partir du premier numéro aléatoire, du deuxième numéro aléatoire, et du NIP ; et
    la transmission de la clé de domaine cryptée avec la clé de session du premier dispositif (110) au deuxième dispositif (120), ou la réception de la clé de domaine cryptée avec la clé de session du deuxième dispositif au premier dispositif.
  2. Procédé selon la revendication 1, comprenant en outre :
    l'autorisation à l'un parmi le premier dispositif (110) ou le deuxième dispositif (120) de rejoindre un domaine du deuxième dispositif (120) ou du premier dispositif (110), respectivement, si le deuxième dispositif (120) génère une même clé de session que le premier dispositif (110), et le deuxième dispositif peut fonctionner pour utiliser la clé de session afin de crypter et de décrypter la clé de domaine du premier dispositif.
  3. Procédé selon la revendication 1, dans lequel le deuxième dispositif (12) utilise un NIP entré manuellement pour vérifier le premier dispositif (110), ou le deuxième dispositif (120) est un dispositif autorisé, dans lequel le premier dispositif (110), ou le deuxième dispositif (120), est introduit dans le réseau.
  4. Procédé selon la revendication 1, dans lequel la vérification que le deuxième dispositif (120) et le premier dispositif (110) sont des dispositifs autorisés comprend :
    l'échange de certificats entre le premier et le deuxième dispositif (120) afin de vérifier que le deuxième dispositif (120) et le premier dispositif (110) sont des dispositifs autorisés.
  5. Procédé selon la revendication 1, dans lequel le premier nombre aléatoire reçu du deuxième dispositif (120) est crypté en utilisant une clé publique du premier dispositif (110), et le procédé comprend en outre :
    le décryptage du premier nombre aléatoire à utiliser dans la génération de la clé de session.
  6. Procédé selon la revendication 1, dans lequel la transmission du deuxième nombre aléatoire du premier dispositif (110) au deuxième dispositif (120) comprend en outre :
    le cryptage du deuxième nombre aléatoire en utilisant une clé publique du premier dispositif (110) ; et
    la transmission du deuxième nombre aléatoire crypté au deuxième dispositif (120), où le deuxième dispositif (120) décrypte le deuxième nombre aléatoire en utilisant une clé privée du deuxième dispositif pour générer la clé de session.
  7. Procédé selon la revendication 1, dans lequel le NIP est une valeur aléatoire.
  8. Procédé selon la revendication 1, dans lequel le NIP est entré manuellement dans le deuxième dispositif (120), et le NIP entré manuellement est utilisé par le deuxième dispositif (120) pour générer la clé de session.
  9. Procédé selon la revendication 1, dans lequel le premier dispositif (110) et le deuxième dispositif (120) comprennent un dispositif récepteur et un dispositif source ou deux dispositifs sources dans un réseau d'une interface numérique domestique sans fil, WHDI.
  10. Procédé selon la revendication 1, dans lequel le premier dispositif (110) et le deuxième dispositif (120) comprennent deux dispositifs sources dans un réseau d'une interface numérique domestique sans fil, WHDI.
  11. Dispositif configuré pour exécuter le procédé selon une quelconque revendication précédente.
EP09836638.8A 2008-12-29 2009-12-01 Transmission sûre et efficace de codes de domaine en vue de l'enregistrement de dispositifs Active EP2382735B1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US12/344,997 US8504836B2 (en) 2008-12-29 2008-12-29 Secure and efficient domain key distribution for device registration
PCT/US2009/066178 WO2010077515A2 (fr) 2008-12-29 2009-12-01 Transmission sûre et efficace de codes de domaine en vue de l'enregistrement de dispositifs

Publications (3)

Publication Number Publication Date
EP2382735A2 EP2382735A2 (fr) 2011-11-02
EP2382735A4 EP2382735A4 (fr) 2013-08-21
EP2382735B1 true EP2382735B1 (fr) 2018-05-09

Family

ID=42286343

Family Applications (1)

Application Number Title Priority Date Filing Date
EP09836638.8A Active EP2382735B1 (fr) 2008-12-29 2009-12-01 Transmission sûre et efficace de codes de domaine en vue de l'enregistrement de dispositifs

Country Status (4)

Country Link
US (1) US8504836B2 (fr)
EP (1) EP2382735B1 (fr)
CN (1) CN102265551B (fr)
WO (1) WO2010077515A2 (fr)

Families Citing this family (25)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8185049B2 (en) * 2008-12-29 2012-05-22 General Instrument Corporation Multi-mode device registration
US9148423B2 (en) * 2008-12-29 2015-09-29 Google Technology Holdings LLC Personal identification number (PIN) generation between two devices in a network
US9538355B2 (en) * 2008-12-29 2017-01-03 Google Technology Holdings LLC Method of targeted discovery of devices in a network
US8600058B2 (en) * 2009-03-27 2013-12-03 Samsung Electronics Co., Ltd. Generation of self-certified identity for efficient access control list management
US8904172B2 (en) * 2009-06-17 2014-12-02 Motorola Mobility Llc Communicating a device descriptor between two devices when registering onto a network
CN101588236B (zh) * 2009-07-16 2012-03-14 四川长虹电器股份有限公司 内容安全传输保护设备、系统以及内容安全传输方法
US8788810B2 (en) * 2009-12-29 2014-07-22 Motorola Mobility Llc Temporary registration of devices
US9122861B2 (en) * 2010-07-30 2015-09-01 Sony Corporation Managing device connectivity and network based services
KR101748732B1 (ko) * 2011-06-27 2017-06-19 삼성전자주식회사 임시 키를 이용한 전자 장치의 컨텐츠 공유 방법 및 이를 적용한 전자 장치
US8874915B1 (en) * 2011-09-28 2014-10-28 Amazon Technologies, Inc. Optimized encryption key exchange
FR2982104B1 (fr) * 2011-10-28 2014-06-20 Celtipharm Procede et systeme de mise en relation entre eux d'ensembles d'informations relatifs a une meme personne
US9660972B1 (en) 2012-06-25 2017-05-23 Amazon Technologies, Inc. Protection from data security threats
US9258118B1 (en) * 2012-06-25 2016-02-09 Amazon Technologies, Inc. Decentralized verification in a distributed system
JP5987552B2 (ja) * 2012-08-21 2016-09-07 株式会社リコー 無線通信装置、プログラムおよび方法
CN104778421A (zh) * 2014-01-13 2015-07-15 全宏科技股份有限公司 数据安全加密方法、用以加密或认证的数据安全系统及数据载体
US20150229475A1 (en) * 2014-02-10 2015-08-13 Qualcomm Incorporated Assisted device provisioning in a network
CN105721405B (zh) * 2014-12-04 2019-08-16 北京奇虎科技有限公司 一种防止工具数据包被盗的方法、客服端、客户端及系统
US20160180804A1 (en) * 2014-12-23 2016-06-23 Intel Corporation Refresh rate control using sink requests
CN105873039B (zh) * 2015-01-19 2019-05-07 普天信息技术有限公司 一种移动自组网络会话密钥生成方法及终端
CN104618380B (zh) * 2015-02-03 2017-09-29 浙江师范大学 一种适用于物联网的密钥更新方法
CN111052779A (zh) * 2018-01-25 2020-04-21 华为技术有限公司 通信方法和通信装置
CN108377189B (zh) * 2018-05-09 2021-01-26 深圳壹账通智能科技有限公司 区块链上用户通信加密方法、装置、终端设备及存储介质
CN109698746B (zh) * 2019-01-21 2021-03-23 北京邮电大学 基于主密钥协商生成绑定设备的子密钥的方法和系统
CN112995993A (zh) * 2019-12-02 2021-06-18 西安西电捷通无线网络通信股份有限公司 无线网络切换方法及设备
KR102463051B1 (ko) * 2021-11-23 2022-11-03 펜타시큐리티시스템 주식회사 선박 네트워크 접근제어 방법 및 장치

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5778069A (en) * 1996-04-10 1998-07-07 Microsoft Corporation Non-biased pseudo random number generator

Family Cites Families (63)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5761305A (en) * 1995-04-21 1998-06-02 Certicom Corporation Key agreement and transport protocol with implicit signatures
US5909183A (en) * 1996-12-26 1999-06-01 Motorola, Inc. Interactive appliance remote controller, system and method
CN1091902C (zh) * 1997-12-29 2002-10-02 张义农 一种通用计算机的访问控制和软件版权保护装置及方法
US6199136B1 (en) * 1998-09-02 2001-03-06 U.S. Philips Corporation Method and apparatus for a low data-rate network to be represented on and controllable by high data-rate home audio/video interoperability (HAVi) network
US6084512A (en) * 1998-10-02 2000-07-04 Lucent Technologies, Inc. Method and apparatus for electronic labeling and localizing
US6826607B1 (en) * 1999-10-06 2004-11-30 Sensoria Corporation Apparatus for internetworked hybrid wireless integrated network sensors (WINS)
JP3628250B2 (ja) * 2000-11-17 2005-03-09 株式会社東芝 無線通信システムで用いられる登録・認証方法
US7039391B2 (en) * 2000-11-28 2006-05-02 Xanboo, Inc. Method and system for communicating with a wireless device
JP3494998B2 (ja) * 2001-01-25 2004-02-09 株式会社ソニー・コンピュータエンタテインメント 情報通信システム、情報処理装置、通信特定情報の保存方法、通信特定情報の保存プログラムを記録したコンピュータ読み取り可能な記録媒体、通信特定情報の保存プログラム
US6845097B2 (en) * 2001-11-21 2005-01-18 Ixi Mobile (Israel) Ltd. Device, system, method and computer readable medium for pairing of devices in a short distance wireless network
US6983370B2 (en) * 2001-11-27 2006-01-03 Motorola, Inc. System for providing continuity between messaging clients and method therefor
US7119851B2 (en) * 2002-01-22 2006-10-10 Canon Kabushiki Kaisha Image processing apparatus and control method thereof
JP4625695B2 (ja) * 2002-05-22 2011-02-02 コーニンクレッカ フィリップス エレクトロニクス エヌ ヴィ デジタル著作権の管理方法およびシステム
US6995655B2 (en) * 2002-10-02 2006-02-07 Battelle Memorial Institute Method of simultaneously reading multiple radio frequency tags, RF tags, and RF reader
WO2005029737A2 (fr) * 2003-09-25 2005-03-31 Amimon Ltd. Emission radio de video de haute qualite
US7020121B2 (en) * 2003-11-17 2006-03-28 Sony Corporation Method and system for wireless digital multimedia transmission
US7562379B2 (en) * 2003-12-22 2009-07-14 Sony Corporation Method and system for wireless digital multimedia presentation
WO2005101727A1 (fr) * 2004-04-15 2005-10-27 Matsushita Electric Industrial Co., Ltd. Dispositif de communication, système de communication et méthode d’authentification
US8276209B2 (en) * 2004-09-17 2012-09-25 Koninklijke Philips Electronics N.V. Proximity check server
US20060116107A1 (en) * 2004-11-24 2006-06-01 Hulvey Robert W System and method for pairing wireless headsets and headphones
KR100660850B1 (ko) * 2005-01-11 2006-12-26 삼성전자주식회사 Vod 시스템 및 vod 시스템 재구성 방법
KR100636228B1 (ko) * 2005-02-07 2006-10-19 삼성전자주식회사 계층적인 노드 토폴로지를 이용한 키 관리 방법 및 이를이용한 사용자 등록 및 등록해제 방법
JP4630706B2 (ja) * 2005-03-31 2011-02-09 富士通株式会社 サービス装置、サービス装置によるクライアント装置の接続先切替制御方法およびプログラム
US20060224893A1 (en) * 2005-04-04 2006-10-05 Intermec Ip Corp. Secure wireless communication apparatus and method for electronic devices incorporating pushed pins
DE602005025592D1 (de) 2005-04-04 2011-02-10 Research In Motion Ltd Sichere Verwendung eines Bildschirms zum Austausch von Informationen
US20060288209A1 (en) * 2005-06-20 2006-12-21 Vogler Dean H Method and apparatus for secure inter-processor communications
US8001584B2 (en) * 2005-09-30 2011-08-16 Intel Corporation Method for secure device discovery and introduction
US20070107020A1 (en) * 2005-11-10 2007-05-10 Hitachi, Ltd. System and method for providing reliable wireless home media distribution
US20070178884A1 (en) * 2005-12-07 2007-08-02 General Instrument Corporation Remote Provisioning of Privacy Settings in a Home Multimedia Network
US8478300B2 (en) * 2005-12-20 2013-07-02 Microsoft Corporation Proximity service discovery in wireless networks
US7613426B2 (en) * 2005-12-20 2009-11-03 Microsoft Corporation Proximity service discovery in wireless networks
KR100739781B1 (ko) * 2005-12-27 2007-07-13 삼성전자주식회사 무선 디바이스 그룹 별로 메시지를 전송하는 방법 및 장치
KR100765774B1 (ko) * 2006-01-03 2007-10-12 삼성전자주식회사 도메인 관리 방법 및 그 장치
JP4879830B2 (ja) 2006-02-14 2012-02-22 パナソニック株式会社 無線通信システム
JPWO2007094347A1 (ja) 2006-02-14 2009-07-09 パナソニック株式会社 無線通信システム
US8189627B2 (en) * 2006-06-28 2012-05-29 Samsung & Electronics Co., Ltd. System and method for digital communications using multiple parallel encoders
KR100860404B1 (ko) * 2006-06-29 2008-09-26 한국전자통신연구원 다중 도메인 홈네트워크 환경에서의 디바이스 인증 방법 및장치
KR100778477B1 (ko) 2006-06-29 2007-11-21 엘지전자 주식회사 Hdmi의 무선 인터페이스 장치 및 방법
WO2008002081A1 (fr) 2006-06-29 2008-01-03 Electronics And Telecommunications Research Institute Procédé et appareil pour authentifier un dispositif dans un environnement de réseau domestique multidomaine
US7511762B2 (en) * 2006-09-06 2009-03-31 Amimon Ltd. Generation of a frame synchronized clock for a wireless video receiver
US8935733B2 (en) * 2006-09-07 2015-01-13 Porto Vinci Ltd. Limited Liability Company Data presentation using a wireless home entertainment hub
JP2008084245A (ja) * 2006-09-29 2008-04-10 Hitachi Ltd 識別子を持った電子デバイスシステム
US8601555B2 (en) * 2006-12-04 2013-12-03 Samsung Electronics Co., Ltd. System and method of providing domain management for content protection and security
US8239551B2 (en) * 2006-12-08 2012-08-07 Telefonaktiebolaget L M Ericsson (Publ) User device, control method thereof, and IMS user equipment
US11126966B2 (en) * 2007-01-23 2021-09-21 Tegris, Inc. Systems and methods for a web based inspection compliance registry and communication tool
KR101391151B1 (ko) * 2007-06-01 2014-05-02 삼성전자주식회사 세션 키를 이용한 인증 방법 및 이를 위한 장치
US20080313462A1 (en) * 2007-06-13 2008-12-18 Meiyuan Zhao Apparatus and method for deriving keys for securing peer links
WO2009022334A2 (fr) * 2007-08-15 2009-02-19 Amimon Ltd. Dispositif, procédé et système de communication sans fil
US7970418B2 (en) * 2007-08-31 2011-06-28 Verizon Patent And Licensing Inc. Method and system of providing event content sharing by mobile communication devices
US8527771B2 (en) * 2007-10-18 2013-09-03 Sony Corporation Wireless video communication
US9245041B2 (en) * 2007-11-10 2016-01-26 Geomonkey, Inc. Creation and use of digital maps
CN101179380A (zh) * 2007-11-19 2008-05-14 上海交通大学 一种双向认证方法、系统及网络终端
US20090177511A1 (en) * 2008-01-08 2009-07-09 Matthew Mark Shaw Recruiting and applicant qualification system
US20110047583A1 (en) * 2008-02-25 2011-02-24 Internet Connectivity Group, Inc. Integrated wireless mobilemedia system
US8001381B2 (en) * 2008-02-26 2011-08-16 Motorola Solutions, Inc. Method and system for mutual authentication of nodes in a wireless communication network
US8275394B2 (en) * 2008-03-20 2012-09-25 Nokia Corporation Nokia places floating profile
US20090247197A1 (en) * 2008-03-27 2009-10-01 Logincube S.A. Creating online resources using information exchanged between paired wireless devices
WO2009145733A1 (fr) * 2008-05-28 2009-12-03 Agency For Science, Technology And Research Authentification et établissement de clé dans des réseaux de capteurs sans fil
US8340035B2 (en) * 2008-12-02 2012-12-25 Samsung Electronics Co., Ltd. Method and apparatus for changing communication link between source devices and sink devices
US9148423B2 (en) * 2008-12-29 2015-09-29 Google Technology Holdings LLC Personal identification number (PIN) generation between two devices in a network
US8185049B2 (en) * 2008-12-29 2012-05-22 General Instrument Corporation Multi-mode device registration
US9538355B2 (en) * 2008-12-29 2017-01-03 Google Technology Holdings LLC Method of targeted discovery of devices in a network
US8904172B2 (en) * 2009-06-17 2014-12-02 Motorola Mobility Llc Communicating a device descriptor between two devices when registering onto a network

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5778069A (en) * 1996-04-10 1998-07-07 Microsoft Corporation Non-biased pseudo random number generator

Also Published As

Publication number Publication date
CN102265551A (zh) 2011-11-30
US8504836B2 (en) 2013-08-06
EP2382735A2 (fr) 2011-11-02
EP2382735A4 (fr) 2013-08-21
CN102265551B (zh) 2015-04-22
WO2010077515A3 (fr) 2010-08-19
US20100169646A1 (en) 2010-07-01
WO2010077515A2 (fr) 2010-07-08

Similar Documents

Publication Publication Date Title
EP2382735B1 (fr) Transmission sûre et efficace de codes de domaine en vue de l'enregistrement de dispositifs
US9794083B2 (en) Method of targeted discovery of devices in a network
EP2382830B1 (fr) Enregistrement de dispositif multimode
US8904172B2 (en) Communicating a device descriptor between two devices when registering onto a network
KR101478419B1 (ko) 디바이스들의 임시 등록
US9148423B2 (en) Personal identification number (PIN) generation between two devices in a network
JP5713531B2 (ja) 安全確実なインスタント・メッセージング
KR20050052978A (ko) 홈 네트워크 구성 기기의 정보를 담고 있는 스마트 카드를이용하여 홈 도메인을 구축하는 시스템 및 방법

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20110729

AK Designated contracting states

Kind code of ref document: A2

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO SE SI SK SM TR

DAX Request for extension of the european patent (deleted)
A4 Supplementary search report drawn up and despatched

Effective date: 20130722

RIC1 Information provided on ipc code assigned before grant

Ipc: H04L 9/08 20060101ALI20130716BHEP

Ipc: H04N 21/4363 20110101ALI20130716BHEP

Ipc: H04L 9/32 20060101AFI20130716BHEP

Ipc: H04N 21/4408 20110101ALI20130716BHEP

Ipc: H04N 21/436 20110101ALI20130716BHEP

Ipc: H04L 29/06 20060101ALI20130716BHEP

RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: MOTOROLA MOBILITY LLC

17Q First examination report despatched

Effective date: 20150916

RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: GOOGLE TECHNOLOGY HOLDINGS LLC

GRAP Despatch of communication of intention to grant a patent

Free format text: ORIGINAL CODE: EPIDOSNIGR1

INTG Intention to grant announced

Effective date: 20171215

GRAS Grant fee paid

Free format text: ORIGINAL CODE: EPIDOSNIGR3

GRAA (expected) grant

Free format text: ORIGINAL CODE: 0009210

AK Designated contracting states

Kind code of ref document: B1

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO SE SI SK SM TR

REG Reference to a national code

Ref country code: GB

Ref legal event code: FG4D

REG Reference to a national code

Ref country code: CH

Ref legal event code: EP

Ref country code: AT

Ref legal event code: REF

Ref document number: 998488

Country of ref document: AT

Kind code of ref document: T

Effective date: 20180515

REG Reference to a national code

Ref country code: IE

Ref legal event code: FG4D

REG Reference to a national code

Ref country code: DE

Ref legal event code: R096

Ref document number: 602009052260

Country of ref document: DE

REG Reference to a national code

Ref country code: NL

Ref legal event code: MP

Effective date: 20180509

REG Reference to a national code

Ref country code: LT

Ref legal event code: MG4D

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: SE

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180509

Ref country code: LT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180509

Ref country code: ES

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180509

Ref country code: BG

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180809

Ref country code: NO

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180809

Ref country code: FI

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180509

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: GR

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180810

Ref country code: NL

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180509

Ref country code: LV

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180509

Ref country code: HR

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180509

REG Reference to a national code

Ref country code: AT

Ref legal event code: MK05

Ref document number: 998488

Country of ref document: AT

Kind code of ref document: T

Effective date: 20180509

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: CZ

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180509

Ref country code: SK

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180509

Ref country code: EE

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180509

Ref country code: PL

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180509

Ref country code: DK

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180509

Ref country code: RO

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180509

Ref country code: AT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180509

REG Reference to a national code

Ref country code: DE

Ref legal event code: R097

Ref document number: 602009052260

Country of ref document: DE

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: SM

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180509

Ref country code: IT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180509

PLBE No opposition filed within time limit

Free format text: ORIGINAL CODE: 0009261

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: NO OPPOSITION FILED WITHIN TIME LIMIT

26N No opposition filed

Effective date: 20190212

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: SI

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180509

REG Reference to a national code

Ref country code: CH

Ref legal event code: PL

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: LU

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20181201

Ref country code: MC

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180509

REG Reference to a national code

Ref country code: IE

Ref legal event code: MM4A

REG Reference to a national code

Ref country code: BE

Ref legal event code: MM

Effective date: 20181231

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: IE

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20181201

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: BE

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20181231

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: LI

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20181231

Ref country code: CH

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20181231

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: MT

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20181201

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: TR

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180509

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: PT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180509

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: CY

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180509

Ref country code: HU

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT; INVALID AB INITIO

Effective date: 20091201

Ref country code: MK

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20180509

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: IS

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180909

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: FR

Payment date: 20201227

Year of fee payment: 12

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: FR

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20211231

P01 Opt-out of the competence of the unified patent court (upc) registered

Effective date: 20230515

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: GB

Payment date: 20231227

Year of fee payment: 15

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: DE

Payment date: 20231229

Year of fee payment: 15